Watch CBSN Live

Facebook's facial recognition system, why it's scary

Facebook's facial recognition system, why it's scary

(CBS) - Remember last weekend, when you were at that party and friends were snapping photographs to post on Facebook? What if that seemingly innocent act could lead to identity theft or real-life stalking? Fear!

In a recent study done at Heinz College, Carnegie Mellon University (CMU) called "Faces of Facebook: Privacy in the Age of Augmented Reality," Alessandro Acquisti, Ralph Gross and Fred Stutzman reported on the "consequences and implications of the convergence of three technologies: face recognition, cloud computing, and online social networks."

Presented on Thursday at the Black Hat Technical Security Conference, the study argued that with current technology, we could be "re-identified" and have our social security numbers stolen. The three experiments discussed are eye-opening.

Facial recognition and re-identification

The first experiment took pictures from a popular dating site and cross referenced them with Facebook profile pictures. Dating site members typically maintain their anonymity by using pseudonyms. With the results of the experiment being "statistically significant," these people could easily be identified with the software.Thus their identities outed across both channels.

The second experiment was similar to the first, except this time, the researchers took real-life photos and used facial recognition software to re-identify students at a select college campus. They were able to identify one-third of the subjects in their experiment. 

Augmented reality

In their final experiment, the researchers used the phrase "augmented reality" to describe "the merging of online and offline data that new technologies make possible."

The study's goal was to show "that it is possible to start from an anonymous face in the street, and end up with very sensitive information about that person." The results were "made possible by the convergence of face recognition, social networks, data mining and cloud computing - that [is referred] to as augmented reality."

Stephen Lamm, supervisor with the ID Fraud Unit of the North Carolina Department of Motor Vehicles looks through photos in the facial recognition system Thursday, Sept. 24, 2009 in Raleigh, N.C. (AP Photo/Gerry Broome) AP Photo/Gerry Broome

For example, once a photo is snapped on the street, facial recognition software can be run to identify a person online. Some data mining could possibly uncover the city and year the subject was born. A little knowledge of how social security numbers get assigned will enable identity thieves to narrow down the range of numbers to work with.

"The seamless merging of online and offline data that face recognition and social media make possible raises the issue of what privacy will mean in an augmented reality world," Acquisti said. "Ultimately, all this access is going to force us to reconsider our notions of privacy," he continued. "It may also affect how we interact with each other. Through natural evolution, human beings have evolved mechanisms to assign and manage trust in face-to-face interactions. Will we rely on our instincts or on our devices, when mobile phones can predict personal and sensitive information about a person?"

What makes Facebook's facial recognition system so scary?

Apple has enabled the software on iPhoto for years, but the data is located on private hard drives (for the most part). Google has a version that identifies objects and locations called Goggles, but it doesn't include facial recognition (for now). Facebook by far comes the closest to enabling the future that researchers Acquisti, Gross and Stutzman depict.

Consider that Facebook is already in the cloud, their privacy terms are ever-changing and, while you can opt out of automatic facial recognition, the fact is there are probably hundreds of photos already tagged to your name.

Chenda Ngak

Chenda Ngak is the science and technology editor at

View CBS News In